Greek police arrested a Russian national, Alexander Vinnik, 38, for his role as owner of the BTC-e Bitcoin trading platform. In the US, the Department of Justice (DOJ) formally indicted Vinnik on 21 charges related to money laundering and the operation of an unlicensed money exchange.

According to several information sources, Vinnik and his platform BTC-e were the key points through which ransomware authors cashed in their earnings and hackers laundered money stolen from other hacked Bitcoin trading platforms.

Vinnik helped launder money from Mt. Gox hack

An unsealed DOJ indictment fingers Vinnik as the operator of one of the Bitcoin wallet used in laundering funds stolen from the Mt. Gox cryptocurrency exchange platform.

Mt. Gox was hacked in 2014 when a hacker stole around $475 million, and the platform collapsed shortly after, causing financial losses to most of its users.

A group of Bitcoin security specialists calling themselves WizSec published the results of an investigation that shows Vinnik’s involvement in laundering the Mt. Gox files. WizSec said they shared their findings with authorities but is unclear at the moment if their work led to the suspect’s arrest.

WizSec also believes Vinnik was involved in laundering money from other hacked cryptocurrency exchanges — Bitcoinica, Bitfloor, and some other currently unnamed platforms.

BTC-e cashed out 95% of ransomware payments

The indictment mentions that BTC-e was used to launder funds from the CryptoWall ransomware infrastructure.

Coincidentally, a day earlier, a team of researchers speaking at the Black Hat USA 2017 security conference, said that 95% of the ransom payments they tracked during a yearlong experiment were cashed out through BTC-e as well.

Slide from research presented at Black Hat 2017

Researchers tracked payments from ransomware operations such as Locky, Cerber, NotPetya, WannaCry, Spora, and others. In total, 34 families, and over 154,000 binaries.

The research team — formed from experts from Google, Chainalysis, University of California, San Diego, and New York University — said ransomware operators made between $1 million and $2 million per month during 2016, and most of this money was cashed out via BTC-e.

BTC-e is down for maintenance

Greek police arrested Vinnik on Tuesday in a seaside village in the country’s northern region. US authorities have requested his extradition. Authorities also seized electronic equipment that is now being analyzed for more evidence. Vinnik faces a combined maximum sentence of up to 35 years in prison, along with various fines.

Yesterday, after news of Vinnik’s arrest came to light in Greek media, BTC-e went down for maintenance. The platform said in a statement it would come back online in five to ten days.